{"id":"https://openalex.org/W2082190528","doi":"https://doi.org/10.1145/2420950.2420987","title":"Malicious PDF detection using metadata and structural features","display_name":"Malicious PDF detection using metadata and structural features","publication_year":2012,"publication_date":"2012-12-03","ids":{"openalex":"https://openalex.org/W2082190528","doi":"https://doi.org/10.1145/2420950.2420987","mag":"2082190528"},"language":"en","primary_location":{"id":"doi:10.1145/2420950.2420987","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2420950.2420987","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 28th Annual Computer Security Applications Conference","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5030452214","display_name":"Charles Smutz","orcid":null},"institutions":[{"id":"https://openalex.org/I162714631","display_name":"George Mason University","ror":"https://ror.org/02jqj7156","country_code":"US","type":"education","lineage":["https://openalex.org/I162714631"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Charles Smutz","raw_affiliation_strings":["George Mason University, Fairfax, VA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"George Mason University, Fairfax, VA","institution_ids":["https://openalex.org/I162714631"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5041500780","display_name":"Angelos Stavrou","orcid":"https://orcid.org/0000-0001-9888-0592"},"institutions":[{"id":"https://openalex.org/I162714631","display_name":"George Mason University","ror":"https://ror.org/02jqj7156","country_code":"US","type":"education","lineage":["https://openalex.org/I162714631"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Angelos Stavrou","raw_affiliation_strings":["George Mason University, Fairfax, VA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"George Mason University, Fairfax, VA","institution_ids":["https://openalex.org/I162714631"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":7.9259,"has_fulltext":false,"cited_by_count":272,"citation_normalized_percentile":{"value":0.98596092,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":98,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"239","last_page":"248"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.867485523223877},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8261018991470337},{"id":"https://openalex.org/keywords/metadata","display_name":"Metadata","score":0.7991123199462891},{"id":"https://openalex.org/keywords/random-forest","display_name":"Random forest","score":0.7854238748550415},{"id":"https://openalex.org/keywords/phishing","display_name":"Phishing","score":0.7145276665687561},{"id":"https://openalex.org/keywords/classifier","display_name":"Classifier (UML)","score":0.5480754375457764},{"id":"https://openalex.org/keywords/decision-tree","display_name":"Decision tree","score":0.4680013060569763},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.462968111038208},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.4626544117927551},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.4560326635837555},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.14743584394454956},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.14600199460983276},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.10634362697601318}],"concepts":[{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.867485523223877},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8261018991470337},{"id":"https://openalex.org/C93518851","wikidata":"https://www.wikidata.org/wiki/Q180160","display_name":"Metadata","level":2,"score":0.7991123199462891},{"id":"https://openalex.org/C169258074","wikidata":"https://www.wikidata.org/wiki/Q245748","display_name":"Random forest","level":2,"score":0.7854238748550415},{"id":"https://openalex.org/C83860907","wikidata":"https://www.wikidata.org/wiki/Q135005","display_name":"Phishing","level":3,"score":0.7145276665687561},{"id":"https://openalex.org/C95623464","wikidata":"https://www.wikidata.org/wiki/Q1096149","display_name":"Classifier (UML)","level":2,"score":0.5480754375457764},{"id":"https://openalex.org/C84525736","wikidata":"https://www.wikidata.org/wiki/Q831366","display_name":"Decision tree","level":2,"score":0.4680013060569763},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.462968111038208},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.4626544117927551},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.4560326635837555},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.14743584394454956},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.14600199460983276},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.10634362697601318}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1145/2420950.2420987","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2420950.2420987","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 28th Annual Computer Security Applications Conference","raw_type":"proceedings-article"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.299.6491","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.299.6491","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"http://cs.gmu.edu/~astavrou/research/Malicious_PDF_Detection_ACSAC_12.pdf","raw_type":"text"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.704.7890","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.704.7890","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"http://cs.gmu.edu/%7Etr-admin/papers/GMU-CS-TR-2012-5.pdf","raw_type":"text"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":20,"referenced_works":["https://openalex.org/W41443263","https://openalex.org/W56150456","https://openalex.org/W1519407765","https://openalex.org/W1523641353","https://openalex.org/W1537207920","https://openalex.org/W1571989395","https://openalex.org/W1648885110","https://openalex.org/W1761672165","https://openalex.org/W1970867218","https://openalex.org/W1988146703","https://openalex.org/W1993651556","https://openalex.org/W2008504907","https://openalex.org/W2009916274","https://openalex.org/W2042058229","https://openalex.org/W2090697035","https://openalex.org/W2105631555","https://openalex.org/W2111216264","https://openalex.org/W2131431452","https://openalex.org/W6602318066","https://openalex.org/W6636944375"],"related_works":["https://openalex.org/W2149202530","https://openalex.org/W2807822918","https://openalex.org/W2921723332","https://openalex.org/W2782609208","https://openalex.org/W3088188605","https://openalex.org/W4366990902","https://openalex.org/W4317732970","https://openalex.org/W4388550696","https://openalex.org/W4321636153","https://openalex.org/W4313289487"],"abstract_inverted_index":{"Owed":[0],"to":[1,23],"their":[2],"versatile":[3],"functionality":[4],"and":[5,52,69],"widespread":[6],"adoption,":[7],"PDF":[8],"documents":[9,38],"have":[10],"become":[11],"a":[12,31],"popular":[13],"avenue":[14],"for":[15,33,66,95],"user":[16],"exploitation":[17],"ranging":[18],"from":[19,49],"large-scale":[20],"phishing":[21],"attacks":[22],"targeted":[24],"attacks.":[25],"In":[26],"this":[27],"paper,":[28],"we":[29,57],"present":[30],"framework":[32],"robust":[34],"detection":[35,68,103],"of":[36,62,72],"malicious":[37],"through":[39],"machine":[40],"learning.":[41],"Our":[42,79],"approach":[43],"is":[44],"based":[45],"on":[46,106],"features":[47,74,94],"extracted":[48],"document":[50,64],"metadata":[51],"structure.":[53],"Using":[54],"real-world":[55],"datasets,":[56],"demonstrate":[58],"the":[59,60,70,83,101],"adequacy":[61],"these":[63,73],"properties":[65],"malware":[67,77],"durability":[71],"across":[75],"new":[76],"variants.":[78],"analysis":[80],"shows":[81],"that":[82,91],"Random":[84],"Forests":[85],"classification":[86,98],"method,":[87],"an":[88],"ensemble":[89],"classifier":[90],"randomly":[92],"selects":[93],"each":[96],"individual":[97],"tree,":[99],"yields":[100],"best":[102],"rates,":[104],"even":[105],"previously":[107],"unseen":[108],"malware.":[109]},"counts_by_year":[{"year":2026,"cited_by_count":2},{"year":2025,"cited_by_count":12},{"year":2024,"cited_by_count":19},{"year":2023,"cited_by_count":23},{"year":2022,"cited_by_count":28},{"year":2021,"cited_by_count":31},{"year":2020,"cited_by_count":25},{"year":2019,"cited_by_count":30},{"year":2018,"cited_by_count":32},{"year":2017,"cited_by_count":21},{"year":2016,"cited_by_count":17},{"year":2015,"cited_by_count":12},{"year":2014,"cited_by_count":11},{"year":2013,"cited_by_count":9}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}